dna based strong cipher

8/3/2019 Dna Based Strong Cipher

1/42

PROJECT REPORT ON

Enforcing Security Using RSA Algo in

NetbankingDEGREE IN

SUBMITTED BY

UNDER THE GUIDANCE OF

PROF. J. ABC

ABC

CIDCO, SEC-3, AIROLI, NAVI MUMBAI-400708

FEBRUARY 2010

1


2/42

CERTIFICATE

This is to certify that Mr./Ms._________________________________________(PRN:

________________) has successfully completed a project entitled Industry

Manpower and A Resource Organisation in partial fulfillment for the requirement of

B.TECH IN MECHANICAL ENGINEERING (MLEP) 9TH SEM.

Signature with Date

Project Guide SC Coordinator

Internal Examiner External Examiner

2


3/42

ACKNOWLEDGEMENT

I would like to take this opportunity to express my gratitude towards all the people

who have in various ways, helped in the successful completion of my project.

I must convey my gratitude to Prof. Mathews for giving me the constant

source of inspiration and help in preparing the project, personally correcting

my work and providing encouragement throughout the project.

I also thank all my faculty members for steering me through the tough as well as

easy phases of the project in a result oriented manner with concern attention.

Thanking You,

________________

3


4/42

ABSTRACT

We are going to implement NetBanking website which will provide security to user for money

transaction through RSA algorithm. RSA algorithm is Public Key cryptography, invented in

1978. Using RSA algorithm our system will encrypt the user transaction and at the receivers end

using RSA our system will decrypt the transaction, this way our system will provide security to

online transactions. For implementing this project we are using PHP as frontend and MYSQL as

backend.

4


5/42

INDEX

SR.NOSR.NO TITLE PG.NO

1)1) INTRODUCTION1

2)2) LITERATURE SURVEY5

3)3) PROBLEM DEFINITION8

4)4) REQUIREMENT ANALYSIS11

5)5) PLANNING AND ESTIMATION

13

6)6) TESTING15

7)7) IMPLEMENTATION22

8)8) ADVANTAGES & DISADVANTAGES27

9)9) FUTURE MODIFICATIONS29

10)10) APPLICATION31

11)11) BIBLIOGRAPHY33

12)12) SCREENSHOTS48

13)13) SOURCE CODE50

5


6/42

Chapter 1

INTRODUCTIONINTRODUCTION

6


7/42

INTRODUCTION

1. Introduction to Cryptography:

In the era of information technology, the possibility that the information stored in a

persons computer or the information that are being transferred through network of

computers or internet being read by other people is very high. This causes a major

concern for privacy, identity theft, electronic payments, corporate security, military

communications and many others. We need an efficient and simple way of

securing the electronic documents from being read or used by people other than

who are authorized to do it. Cryptography is a standard way of securing the

electronic documents.

1.1 Basic idea of Cryptography:

Basic idea of cryptography is to mumble-jumble the original message into

something that is unreadable or to something that is readable but makes no sense of

what the original message is. To retrieve the original message again, we have to

transform the mumble-jumbled message back into the original message again.

1.2 Basic Terminologies used in Cryptography:

Data that can be read and understood without any special measures is called

plaintext or cleartext. This is the message or data that has to be secured. The

method of disguising plaintext in such a way as to hide its substance is called

encryption. Encrypting plaintext results in unreadable gibberish called ciphertext.

You use encryption to ensure that information is hidden from anyone for whom it

7


8/42

is not intended, even those who can see the encrypted data. The process of

reverting ciphertext to its original plaintext is called decryption.

Cryptography is the science of mathematics to encrypt and decrypt data.

Cryptography enables us to store sensitive information or transmit it across

insecure networks like Internet so that no one else other the intended recipient can

read it. Cryptanalysis is the art of breaking Ciphers that is retrieving the original

message without knowing the proper key. Cryptography deals with all aspects of

secure messaging, authentication, digital signatures, electronic money, and other

applications.

1.3 Cryptographic Algorithms:

Cryptographic algorithms are mathematical functions that are used in the

encryption and decryption process. A cryptographic algorithms works in

combination with a key (a number, word or phrase), to encrypt the plain text. Same

plain text encrypts to different cipher texts for different keys. Strength of a

cryptosystems depends on the strength of the algorithm and the secrecy of the key.

1.4 Two Kinds of Cryptography Systems:

There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric

cryptosystems use the same key (the secret key) to encrypt and decrypt a message,

and asymmetric cryptosystems use one key (the public key) to encrypt a message

and a different key (the private key) to decrypt it. Symmetric cryptosystems are

also called as private key cryptosystems and asymmetric cryptosystems are also

called aspublic key cryptosystems.

8


9/42

Chapter 2

LITERATURELITERATURE

SURVEYSURVEY

9


10/42

2. Overview of Private Key Cryptography:

In private-key cryptography, the sender and recipient agree beforehand on a secret

private key. The plaintext is somehow combined with the key to create the cipher

text. The method of combination is such that, it is hoped, an adversary could not

determine the meaning of the message without decrypting the message, for which

he needs the key. The following diagram illustrates the encryption process:

The following diagram illustrates the decryption process:

10

Message to beencrypted or

plain text

EncryptionAlgorithm

Encryptedmessage or

Cipher text

Private Key known

only to sender andreceiver

Message to bedecrypted or

cipher text

Decryption

Algorithm

Decryptedmessage or

Plain text

Private Key known

only to sender andreceiver


11/42

To break a message encrypted with private-key cryptography, an adversary must

either exploit a weakness in the encryption algorithm itself, or else try an

exhaustive search of all possible keys (brute force method). If the key is large

enough (e.g., 128 bits), such a search would take a very long time (few years),

even with very powerful computers.

Private-key methods are efficient and difficult to break. However, one major

drawback is that the key must be exchanged between the sender and recipient

beforehand, raising the issue of how to protect the secrecy of the key. When the

President of the United States exchanges launch codes with a nuclear weapons site

under his command, the key is accompanied by a team of armed couriers. Banks

likewise use high security in transferring their keys between branches. These types

of key exchanges are not practical, however, for e-commerce between, say,

amazon.com and a casual web surfer.

3. Overview of Public Key Cryptography:

Public Key cryptography uses two keys Private key (known only by the recipient)

and a Public key (known to everybody). The public key is used to encrypt the

message and then it is sent to the recipient who can decrypt the message using the

private key. The message encrypted with the public key cannot be decrypted with

any other key except for its corresponding private key. The following Diagram

illustrates the encryption process in the public key cryptography

11

Message to be

encrypted or

plain text

Encryption

Algorithm

Encrypted

message or

Cipher text

Public Key knownto everyone


12/42

The following diagram illustrates the decryption process in the public key

cryptography:

the public-key algorithm uses a one-way function to translate plaintext to

ciphertext. Then, without the private key, it is very difficult for anyone (including

the sender) to reverse the process (i.e., translate the ciphertext back to plaintext). A

one-way function is a function that is easy to apply, but extremely difficult to

invert. The most common one-way function used in public-key cryptography

involves factoring very large numbers. The idea is that it is relatively easy to

multiply numbers, even large ones, with a computer; however, it is very difficult to

factor large numbers. The only known algorithms basically have to do a sort of

exhaustive search (Does 2 go in to? Does 3? 4? 5? 6? and so on). With numbers

128 bits long, such a search requires performing as many tests as there are particles

in the universe.

For instance, someone wishing to receive encrypted messages can multiply two

very large numbers together. She keeps the two original numbers a secret, but

sends the product to anyone who wishes to send her a message. The

encryption/decryption algorithm is based upon combining the public number with

the plaintext. Because it is a one-way function, the only way to reverse the process

12

Message to be

encrypted orplain text

Encryption

Algorithm

Encrypted

message orCipher text

Private Key known

only to receiver


13/42

is to use one of the two original numbers. However, assuming the two original

numbers are very large, their product is even bigger; it would be impractical for an

adversary to try every possibility to determine what the two original numbers were.

13


14/42

Chapter 3

PROBLEMPROBLEM

DEFINITIONDEFINITION

14


15/42

Problem Definition:

Present system uses private key cryptography for internet banking application or

websites. Private-key methods are efficient and difficult to break. However, one

major drawback is that the key must be exchanged between the sender and

recipient beforehand, raising the issue of how to protect the secrecy of the key.

When the President of the United States exchanges launch codes with a nuclear

weapons site under his command, the key is accompanied by a team of armed

couriers. Banks likewise use high security in transferring their keys between

branches. These types of key exchanges are not practical, however, for e-

commerce between, say, amazon.com and a casual web surfer.

15


16/42

Chapter 4

HARDWARE &HARDWARE &SOFTWARESOFTWARE

REQUIREMENREQUIREMEN

16


17/42

Hardware and Software requirements

Hardware:

1. Processor: Pentium 4

2. RAM: 512 MB or more

3. Hard disk: 16 GB or more

4. Android Device

Software

1. WAMP server

Frontend

1. PHP

Backend

1. MYSQL

17


18/42

Chapter 5

PLANNING ANDPLANNING AND

ESTIMATIONESTIMATION

18


19/42

Planning and Cost Estimation

The entire project spanned for duration of 9 months. In order to

effectively design and develop a cost-effective model the Waterfall model

was practiced.

FIGURE 1 WATERFALL MODEL

Requirement gathering and Analysis phase:

19


20/42

This phase started at the beginning of our project, we had formed

groups and modularized the project. Important points of consideration

were

1 Define and visualize al l the object ives clearly .

2 Gather requi rements and evaluate them.

3 C on si de r t he te ch ni ca l r eq ui re me nts n ee de d a nd th en

collec t t echnica l speci fi ca t ions of various periphera l

components required.

4 Analyze the coding languages needed for the project.

5 Def ine cod ing s tr at eg ies.

6 Analyze fu ture r isks / problems .

7 Define s t rategies to avoid this r isks else def ine al ternate solutions to

this risks.

8 Check f inancia l f eas ib il ity.

9 Def ine Gant t char ts and ass ign t ime span for each phase.

By studying the project extensively we developed a Gantt chart to track

and schedule the project. Below is the Gantt chart of our project.

TimeLine

20


21/42

21


22/42

Cost Estimation

Cost estimation is done using cocomo model

cost Drivers

Ratings

Very

Low Low Nominal High

Very

High

Extra

High

Product attributes

Required software reliability 0.75 0.88 1.00 1.15 1.40

Size of application database 0.94 1.00 1.08 1.16Complexity of the product 0.70 0.85 1.00 1.15 1.30 1.65

Hardware attributes

Run-time performance constraints 1.00 1.11 1.30 1.66

Memory constraints 1.00 1.06 1.21 1.56

Volatility of the virtual machine environment 0.87 1.00 1.15 1.30

Required turnabout time 0.87 1.00 1.07 1.15

Personnel attributes

Analyst capability 1.46 1.19 1.00 0.86 0.71

Applications experience 1.29 1.13 1.00 0.91 0.82

Software engineer capability 1.42 1.17 1.00 0.86 0.70

Virtual machine experience 1.21 1.10 1.00 0.90

Programming language experience 1.14 1.07 1.00 0.95

Project attributes

Use of software tools 1.24 1.10 1.00 0.91 0.82

Application of software engineering methods 1.24 1.10 1.00 0.91 0.83

Required development schedule 1.23 1.08 1.00 1.04 1.10

22


23/42

The Intermediate Cocomo formula now takes the form:

E=ai(KLoC)(b

i).EAF

Using above calculation we found that

The total time period of the project is around 6 months, the per month cost comes out to be

Rs.20,000 , so the total comes to be Rs. 1,20,000

Chapter 623


24/42

TESTINGTESTING

Testing

Software testing methods are traditionally divided intoblack box testing and white box testing.

These two approaches are used to describe the point of view that a test engineer takes when

designing test cases.

Black box testing

Black box testing treats the software as a "black box"without any knowledge of internal

implementation. Black box testing methods include: equivalence partitioning,boundary value

analysis, all-pairs testing, fuzz testing, model-based testing, traceability matrix,exploratory

testing and specification-based testing.

24
http://en.wikipedia.org/wiki/Black_box_testinghttp://en.wikipedia.org/wiki/White_box_testinghttp://en.wikipedia.org/wiki/Black_box_testinghttp://en.wikipedia.org/wiki/Equivalence_partitioninghttp://en.wikipedia.org/wiki/Boundary_value_analysishttp://en.wikipedia.org/wiki/Boundary_value_analysishttp://en.wikipedia.org/wiki/All-pairs_testinghttp://en.wikipedia.org/wiki/Fuzz_testinghttp://en.wikipedia.org/wiki/Model-based_testinghttp://en.wikipedia.org/wiki/Traceability_matrixhttp://en.wikipedia.org/wiki/Exploratory_testinghttp://en.wikipedia.org/wiki/Exploratory_testinghttp://en.wikipedia.org/wiki/Black_box_testinghttp://en.wikipedia.org/wiki/White_box_testinghttp://en.wikipedia.org/wiki/Black_box_testinghttp://en.wikipedia.org/wiki/Equivalence_partitioninghttp://en.wikipedia.org/wiki/Boundary_value_analysishttp://en.wikipedia.org/wiki/Boundary_value_analysishttp://en.wikipedia.org/wiki/All-pairs_testinghttp://en.wikipedia.org/wiki/Fuzz_testinghttp://en.wikipedia.org/wiki/Model-based_testinghttp://en.wikipedia.org/wiki/Traceability_matrixhttp://en.wikipedia.org/wiki/Exploratory_testinghttp://en.wikipedia.org/wiki/Exploratory_testing


25/42

Specification-based testing: Specification-based testing aims to test the functionality of

software according to the applicable requirements. Thus, the tester inputs data into, and

only sees the output from, the test object. This level of testing usually requires thorough

test cases to be provided to the tester, who then can simply verify that for a given input,

the output value (or behavior), either "is" or "is not" the same as the expected value

specified in the test case.

Specification-based testing is necessary, but it is insufficient to guard against certain

risks.

Advantages and disadvantages: The black box tester has no "bonds" with the code, and

a tester's perception is very simple: a code musthave bugs. Using the principle, "Ask and

you shall receive," black box testers find bugs where programmers do not. But, on the

other hand, black box testing has been said to be "like a walk in a dark labyrinth without

a flashlight," because the tester doesn't know how the software being tested was actually

constructed. As a result, there are situations when (1) a tester writes many test cases to

check something that could have been tested by only one test case, and/or (2) some parts

of the back-end are not tested at all.

Therefore, black box testing has the advantage of "an unaffiliated opinion," on the one hand, and

the disadvantage of "blind exploring," on the other.

White box testing

White box testing is when the tester has access to the internal data structures and algorithms

including the code that implement these.

Types of white box testing

The following types of white box testing exist:

API testing (application programming interface) - Testing of the

application using Public and Private APIs

Code coverage - creating tests to satisfy some criteria of code coverage

(e.g., the test designer can create tests to cause all statements in the program to be

executed at least once)

25
http://en.wikipedia.org/wiki/White_box_testinghttp://en.wikipedia.org/wiki/Application_programming_interfacehttp://en.wikipedia.org/wiki/Code_coveragehttp://en.wikipedia.org/wiki/White_box_testinghttp://en.wikipedia.org/wiki/Application_programming_interfacehttp://en.wikipedia.org/wiki/Code_coverage


26/42

Fault injection methods - improving the coverage of a test by introducing

faults to test code paths

Mutation testing methods

Static testing - White box testing includes all static testing

Code completeness evaluation

White box testing methods can also be used to evaluate the completeness of a test suite

that was created with black box testing methods. This allows the software team to

examine parts of a system that are rarely tested and ensures that the most important

function points have been tested.

Two common forms of code coverage are:

Function coverage, which reports on functions executed

Statement coverage, which reports on the number of lines executed to

complete the test

They both return a code coveragemetric, measured as apercentage.

Integration testing is any type of software testing, that seeks to verify the interfaces between

components against a software design. Software components may be integrated in an iterative

way or all together ("big bang"). Normally the former is considered a better practice since it

allows interface issues to be localised more quickly and fixed.

Acceptance testing

Acceptance testing can mean one of two things:

1. A smoke test is used as an acceptance test prior to introducing a new build to the main

testing process, i.e. before integration orregression.

26
http://en.wikipedia.org/wiki/Fault_injectionhttp://en.wikipedia.org/wiki/Mutation_testinghttp://en.wikipedia.org/wiki/Static_testinghttp://en.wikipedia.org/wiki/Function_pointshttp://en.wikipedia.org/wiki/Code_coveragehttp://en.wikipedia.org/wiki/Software_metrichttp://en.wikipedia.org/wiki/Percentagehttp://en.wikipedia.org/wiki/Smoke_testhttp://en.wikipedia.org/wiki/Integration_testinghttp://en.wikipedia.org/wiki/Regression_testinghttp://en.wikipedia.org/wiki/Fault_injectionhttp://en.wikipedia.org/wiki/Mutation_testinghttp://en.wikipedia.org/wiki/Static_testinghttp://en.wikipedia.org/wiki/Function_pointshttp://en.wikipedia.org/wiki/Code_coveragehttp://en.wikipedia.org/wiki/Software_metrichttp://en.wikipedia.org/wiki/Percentagehttp://en.wikipedia.org/wiki/Smoke_testhttp://en.wikipedia.org/wiki/Integration_testinghttp://en.wikipedia.org/wiki/Regression_testing


27/42

2. Acceptance testing performed by the customer, often in their lab environment on their

own HW, is known as user acceptance testing (UAT).

Chapter 627
http://en.wikipedia.org/wiki/Acceptance_testing#User_acceptance_testinghttp://en.wikipedia.org/wiki/Acceptance_testing#User_acceptance_testing


28/42

IMPLEMENTATIONIMPLEMENTATION

4. RSA Public Key Cryptography Algorithm:

4.1 Introduction to RSA Algorithm:

RSA is one of the most popular and successful public key cryptography algorithms. The

algorithm has been implemented in many commercial applications. It is named after its

inventors Ronald L. Rivest, Adi Shamir, and Leonard Adleman. They invented this algorithm inthe year 1977. They utilized the fact that when prime numbers are chosen as a modulus,

operations behave conveniently. They found that if we use a prime for the modulus, thenraising a number to the power (prime - 1) is 1.

RSA algorithm simply capitalizes on the fact that there is no efficient way to factor very large

integers. The security of the whole algorithm relies on that fact. If someone comes up with an

easy way of factoring a large number, then thats the end of the RSA algorithm. Then anymessage encrypted with the RSA algorithm is no more secure.

28


29/42

4.2 RSA Algorithm:

The encryption and decryption in the RSA algorithm is done as follows. Before encryption and

decryption is done, we have to generate the key pair and then those keys are used for encryption

and decryption.

4.2.1 Key Generation:

The first step in RSA encryption is to generate a key pair. Two keys are

generated of which one is used as the public key and the other is used as the

private key. The keys are generated with the help of two large prime numbers.

The keys are generated as follows

1. Generate two large random primes p and q.

2. Compute n which is equal to product of those two prime numbers, n = pq3. Compute (n) = (p-1)(q-1).

4. Choose an integer e, 1 < e < (n), such that gcd(e, (n)) = 1.

5. Compute the secret exponent d, 1 < d < (n), such that ed 1 (mod (n)).6. The public key is (n, e) and the private key is (n, d). The values of p, q, and (n)

should also be kept secret.

n is known as the modulus.

e is known as thepublic exponentorencryption exponent. d is known as thesecret exponentordecryption exponent.

4.2.2 Encryption:Encryption is done using the public key component e and the modulus n. To

whomever we need to send the message, we encrypt the message with their public

key (e,n). Encryption is done by taking an exponentiation of the message m with

the public key e and then taking a modulus of it. The following steps are done in

encryption.

1. Obtain the recipients public key (n,e)

2. Represent the plaintext message as a positive integer m < n

3. Compute the ciphertext c = m^e mod n.

4. Send the ciphertext c to the recipient.

29


30/42

4.2.3 Decryption:

Decryption is done using the Private key. The person who is receiving the

encrypted message uses his own private key to decrypt the message.

Decryption is similar to the encryption except that the keys used are

different.

1. Recipient uses his private key (n,d) to compute m = c^d mod n.

2. Extract the plaintext from the integer representative m.

The RSA algorithm has been implemented in many applications and it is currently

one of the most popularly used encryption algorithm. RSA algorithm is based fully

on mathematics and in the next section we will see the mathematics behind RSA.

DFD

30

Sender

RSA

Decryption

RSA

EncryptionServer

Amount & Acc information

Online Transaction using RSA


31/42

Chapter 8

31

Receiver

Amount


32/42

ADVANTAGESADVANTAGES

Advantages:

Provides high level of security to online transactions.

Reduce/prevent financial loss from attacks.

32


33/42

Chapter 9

33


34/42

APPLICATIONAPPLICATION

1. To increasing security in online transactions.

2. For high level secure communication in war.

34


35/42

Chapter 10

35


36/42

FUTUREFUTUREMODIFICATIONSMODIFICATIONS

36


37/42

Chapter 11

37


38/42

BIBILIOGRAPHYBIBILIOGRAPHY

BIBLOGRAPHY

[1] M. Weiser, The Computer for the 21st Century, Scientific American, vol. 265, no. 3, pp.

94-104, September 1991.

[2] D. J. Goodman, The wireless Internet: promise and challenges, Computer, vol. 33, no. 7,

pp. 36-41, July 2000.

[3] S. Saha, M. Jamtgaard, and J. Villasenor, Bringing the wireless Internet to mobile devices,

Computer, vol. 34, no. 6, pp. 54-58, June 2001.

38


39/42

[4] P. Pace, G. Aloi, and A. Palmacci, A Multi-Technology Location- Aware Wireless System

for Interactive Fruition of Multimedia Contents, IEEE Transactions on Consumer Electronics,

vol. 55, No. 2, pp. 342-250, MAY 2009.

[5] F. O. Akgul, and K. Pahlavan, Location Awareness for Everyday Smart Computing,

Proceedings of the 16th International Conference on Telecommunications, pp. 2-7, Marrakech,

Morocco, May 2009.

[6] S. Hartwig, M. Luck, J. Aaltonen, R. Serafat, and W. Theimer, Mobile multimedia -

challenges and opportunities, IEEE Transactions on Consumer Electronics, vol. 46, no. 4, pp.

1167-1178, November 2000.

[7] D.L. Lee, W.-C. Lee, J. Xu, and B. Zheng, Data Management in location-dependent

information services,IEEE Pervasive Computing, vol. 1, no. 3, pp. 65-72, July-Sept. 2002.

[8] P. Bellavista, A. Kupper, and S. Helal, Location-based services: back to the Future, IEEE

Pervasive Computing, vol. 7, issue 2, pp. 85-89, April-June 2008.

Chapter 1239


40/42

SCREENSHOTSSCREENSHOTS

40


41/42

Chapter 13

SOURCE CODESOURCE CODE

41


42/42

dna based strong cipher

Documents